On 04/10/2012 12:23 PM, Niels Möller wrote:
>> I do the pkcs1 1.5 encoding in gnutls, and you also do it in the high level functions in nettle, which I cannot use. It would be nice if we could save some code and reduce error risk by having a common pkcs1 1.5 signing function. I'll try to propose one in the next few days.
> Have you looked at pkcs1_signature_prefix? It does part of the work, so maybe it's a good starting point. The reason it leaves space for the actual digest rather than copying it in place is to avoid extra copies for the rsa_md5_sign-style functions.
pkcs1_signature_prefix() is too low level to be used by gnutls, as it assumes no ASN.1 encoder. The most suitable for me would be something like:
  /* RSA signatures, using PKCS#1 1.5
   * Input should be a BER encoded DigestInfo */
  int
  rsa_digest_info_sign(const struct rsa_private_key *key,
                       unsigned length, const uint8_t *digest_info,
                       mpz_t signature);

  int
  rsa_digest_info_verify(const struct rsa_public_key *key,
                         unsigned length, const uint8_t *digest_info,
                         const mpz_t signature);
Those two could also be used in place of all the individual rsa_(hash)_sign and rsa_(hash)_verify functions. It requires, though, that another function be available to translate from a digest to the digest_info (this is not needed for gnutls, as we already have that; it is just a suggestion to fit those two into nettle).
E.g.:

  digest_to_digest_info(hash_id, unsigned length, const uint8_t *digest,
                        unsigned *digest_info_length, uint8_t *digest_info);
The cost is having a single function that will contain the OIDs for all the supported hash algorithms. The benefit is that there is no need to have separate sign and verify functions for each supported hash.
regards, Nikos
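Below is an added example, written for this page and not code from nettle or gnutls, of the API shape proposed in the message above, in Python: digest_to_digest_info() as a lookup in a table of fixed DigestInfo prefixes (so no ASN.1 encoder is needed), and rsa_digest_info_sign()/rsa_digest_info_verify() that accept an already encoded DigestInfo and do only the PKCS#1 v1.5 padding plus the RSA operation. The seeded key generator, the 512-bit modulus, the sample message and the function names on the Python side are assumptions for the demo; the DigestInfo prefixes are the standard ones from RFC 3447 section 9.2.

```python
import hashlib
import hmac
import math
import random
from typing import NamedTuple

# DER prefix of DigestInfo for each hash (RFC 3447, section 9.2, note 1) and the
# digest length it expects.  Fixed-length prefixes mean no ASN.1 encoder is needed.
DIGEST_INFO_PREFIX = {
    "md5": (bytes.fromhex("3020300c06082a864886f70d020505000410"), 16),
    "sha1": (bytes.fromhex("3021300906052b0e03021a05000414"), 20),
    "sha256": (bytes.fromhex("3031300d060960864801650304020105000420"), 32),
}


class RsaKey(NamedTuple):
    n: int
    e: int
    d: int  # private exponent; verification only uses n and e


def digest_to_digest_info(hash_id: str, digest: bytes) -> bytes:
    """The digest -> DigestInfo helper sketched in the message: a prefix lookup."""
    prefix, dlen = DIGEST_INFO_PREFIX[hash_id]
    if len(digest) != dlen:
        raise ValueError(f"{hash_id} digest must be {dlen} bytes, got {len(digest)}")
    return prefix + digest


def hash_digest_info(hash_id: str, data: bytes) -> bytes:
    """Hash data and wrap the digest in its DigestInfo (assumed convenience helper)."""
    return digest_to_digest_info(hash_id, hashlib.new(hash_id, data).digest())


def emsa_pkcs1_v15_encode(digest_info: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (at least 8 bytes of 0xff) || 0x00 || T, k bytes long."""
    if k < len(digest_info) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(digest_info) - 3) + b"\x00" + digest_info


def rsa_digest_info_sign(key: RsaKey, digest_info: bytes) -> int:
    """Counterpart of the proposed rsa_digest_info_sign(): pad, then apply the
    private key.  The signature is an integer, like nettle's mpz_t output."""
    k = (key.n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15_encode(digest_info, k), "big")
    return pow(m, key.d, key.n)


def rsa_digest_info_verify(key: RsaKey, digest_info: bytes, signature: int) -> bool:
    """Counterpart of rsa_digest_info_verify(): recover EM with the public key and
    compare it against a freshly built EM for the caller's DigestInfo, so the
    recovered padding and ASN.1 are never parsed."""
    if not 0 <= signature < key.n:
        return False
    k = (key.n.bit_length() + 7) // 8
    try:
        expected = emsa_pkcs1_v15_encode(digest_info, k)
    except ValueError:
        return False
    recovered = pow(signature, key.e, key.n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, expected)


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin, adequate for a throwaway demo key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        # Top two bits set so that the product of two such primes has exactly 2*bits bits.
        cand = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def generate_toy_rsa_key(bits: int = 512, seed: int = 2012) -> RsaKey:
    """Seeded, reproducible demo key (constructed for this example).  NOT for real
    use: the modulus is tiny and random.Random is not a CSPRNG."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return RsaKey(p * q, e, pow(e, -1, phi))


if __name__ == "__main__":
    key = generate_toy_rsa_key()
    t = hash_digest_info("sha256", b"constructed sample message")
    s = rsa_digest_info_sign(key, t)
    print("verify ok:", rsa_digest_info_verify(key, t, s))
    print("tampered :", rsa_digest_info_verify(key, t, s ^ 1))
```

The verifier deliberately re-encodes and compares the whole encoded message in constant time instead of walking the recovered bytes; a signature over the wrong hash, a malformed padding string, or trailing garbage after the DigestInfo all simply fail the comparison, and the only length check needed is the k >= len(T) + 11 bound from the encoding step.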